CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attackresulting into a complete break of RSA-1024 while using the left-to-rightmethod for computing the sliding-window expansion. The same attack isbelieved to work on RSA-2048 with moderately more computation. Thisside-channel requires that attacker can run arbitrary software on thehardware where the private RSA key is used.